Security

Vulnerabilities & Threats

Windows Server 2003 End of Life

As of July 14, 2015, Windows Server 2003 R2 customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. This means that any new vulnerabilities discovered in Windows Server 2003 R2 will not be addressed by new security updates from Microsoft. Contact us today about upgrading your ageing servers.

Dropbox

Because many people use the same password for many different websites and accounts, hackers are able to take passwords used on one site, and reuse them to log into a person’s account on another site. In the case of Dropbox, that means any corporate secrets stored in your Dropbox account could be easily accessed.

Dropbox is a cloud-based, consumer-grade file sharing solution. It is easy to use and ensures that an individual’s files remain accessible at any time and from any location, so long as he or she has a working Internet connection.
This makes the solution extremely popular for employees who travel a lot, or occasionally work from home. By storing corporate files in Dropbox, they can remain productive even when working outside of the office.

Dropbox Vulnerabilities

The problem for businesses is that, because it is consumer-grade, Dropbox has very limited data security, and firms need to ensure their information remains protected. It may be fine for a person’s private records, which are less likely to be a target for cyber-criminals. Business data, on the other hand, is far more likely to attract the attention of cyber-criminals, as obtaining a single organization’s records may allow for wide-ranging fraud or even corporate espionage.
Cyber-criminals are well aware of the vulnerabilities inherent to Dropbox, and they will jump at any opportunity to steal a business’s information stored in this environment. Allowing employees to use Dropbox does not guarantee a data breach will occur, but it certainly increases the odds.

All of these factors should persuade business leaders to prohibit their employees from using Dropbox for work-related purposes. However, such a policy in and of itself is unlikely to prove successful. In addition to forbidding the use of Dropbox, decision-makers must also ensure that workers have a satisfactory alternative method for secure file sharing.
After all, many workers have become accustomed to enjoying the level of information access enabled by Dropbox and other consumer-grade file sharing offerings. Losing the ability to easily send and receive business-related documents will be seen by these employees as extremely damaging to their productivity and effectiveness, and they will likely be unwilling to acquiesce to such a policy.

Instead, they will probably continue to use Dropbox, prioritizing their job responsibilities over corporate security. To avoid creating such a conflict of interests, business leaders must deploy and popularize secure file sharing solutions that achieve the same level of convenience offered by Dropbox, but without the accompanying data integrity issues. If such tools are made available, employees will have no reason to resort to the riskier programs.

Windows XP

As of April 8, 2014, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. This means that any new vulnerabilities discovered in Windows XP will not be addressed by new security updates from Microsoft.

Encryption

Encryption is your last defense against malicious entities intending to violate your privacy when all other means of protecting your data prove fruitless.

An often overlooked but critical area of data security is the actual mail server itself. Even if two mail servers somehow negotiated a secure, encrypted connection, the mail servers might not be impervious to eavesdropping. When you’re sending an email, how do you know that the email servers have not been compromised by some malicious security cracker who will search for sensitive data? Are you maintaining the server yourself, or is it maintained by your IT department’s netadmins, your ISP, or someone else entirely who may not have your best interests at heart?

Too often, people assume that the servers that support their daily communications are free of any suspicion. They might not even know the names of the people who have daily, unfettered access to those servers for maintenance purposes. Are you willing to bet your security on the assumption that people you’ve never met — never even heard of — are trustworthy?

The threat landscape is still mostly dominated by random, speculative attacks that are designed to steal personal information. However, targeted attacks have become an established concern in the last two years. Such attacks are specifically tailored to penetrate a particular organization and are often focused on gathering sensitive data that has a monetary value in the ‘dark market’.

Targeted attacks can often be highly sophisticated. But many attacks start by ‘hacking the human’, i.e. by tricking employees into disclosing information that can be used to gain access to corporate resources. Any organization can become a victim. All organizations hold data that is of value to cybercriminals; and they may also be used as ‘stepping-stones’ to reach other companies.

Last year, large scale targeted attacks included the DDoS attacks launched by Anonymous on government websites in Poland, following the government’s announcement that it would support ACTA (the Anti-Counterfeiting Trade Agreement); the hacking of the official Formula 1 website in protest against the treatment of anti-government protesters in Bahrain; the hacking of various oil companies in protest against drilling in the Arctic; the attack on Saudi Aramco; and the hacking of the French Euromillions website in a protest against gambling.

In the last few years, society has seen a dramatic increase in reliance on the Internet. This makes organizations of all kinds potentially vulnerable to cyber attacks. Further, this ‘Hacktivism’ looks like it will continue into the coming years and beyond.

Stuxnet pioneered the use of highly sophisticated malware for targeted attacks on key production facilities. However, while such attacks are rare, it’s now clear that Stuxnet was not an isolated incident. We are now entering an era of cold ‘cyber-war’, where nations have the ability to fight each other unconstrained by the limitations of conventional real-world warfare. At this time, we expect more countries to develop cyber weapons.

This includes using technology to monitor the activities of those suspected of criminal activities. This is not a new issue – consider the controversy surrounding ‘Magic Lantern’ and the ‘Bundestrojan’.

More recently, debates were sparked because there was a report that a UK company offered the ‘Finfisher’ monitoring software to the previous Egyptian government, and reports that the Indian government asked firms (including Apple, Nokia and RIM) for secret access to mobile devices. Clearly, the use of legal surveillance tools has wider implications for privacy and civil liberties. As law enforcement agencies and governments try to get one step ahead of the criminals, it’s likely that the use of such tools – and the debate surrounding their use – will continue.

The wide use of mobile devices, while offering huge benefits to a business, also increases the risk. Cloud data can be accessed from devices that may not be as secure as traditional endpoint devices. When the same device is used for both personal and business tasks, that risk increases further.

This year we have seen growing numbers of ransomware Trojans designed to extort money from their victims, either by encrypting data on the disk or by blocking access to the system. Until fairly recently, this type of cybercrime was confined largely to Russia and other former Soviet countries. But they have now become a worldwide phenomenon, although sometimes with slightly different modus operandi. In Russia, for example, Trojans that block access to the system often claim to have identified unlicensed software on the victim’s computer and ask for a payment. In Europe, where software piracy is less common, this approach is not as successful. Instead, they masquerade as popup messages from law enforcement agencies claiming to have found child pornography or other illegal content on the computer. This is accompanied by a demand to pay a fine. Such attacks are easy to develop and, as with phishing attacks, there seems to be no shortage of potential victims.

Attacks on the Mac OS have been growing steadily over the last two years; and it would be naive of anyone using a Mac to imagine that they could not become the victim of cyber crime. It’s not only generalized attacks – such as the 700,000-strong Flashfake botnet – that pose a threat. We have also seen targeted attacks on specific groups, or individuals, known to use Macs. The threat to Macs is real, and it is likely to keep growing.

Mobile malware has exploded in the last 18 months. The majority target Android-based devices – more than 90 per cent is aimed at this operating system. The appearance of the ‘Find and Call’ app earlier this year has shown that it’s possible for undesirable apps to slip through the net. But it’s likely that, for the time being at least, Android will remain the chief focus of cyber criminals. The key significance of the ‘Find and Call’ app lies in the issue of privacy, data leakage, and the potential damage to a person’s reputation. This app was designed to upload someone’s phone book to a remote server and use it to send SMS spam.

One of the key methods used by cyber criminals to install malware on a computer is to exploit unpatched vulnerabilities in applications. This relies on the existence of vulnerabilities and the failure of individuals or businesses to patch their applications. Java vulnerabilities currently account for more than 50 per cent of attacks, while Adobe Reader accounts for a further 25 per cent. Cyber criminals will continue to exploit Java in the year ahead. It’s likely that Adobe Reader will also continue to be used by cyber criminals, but probably less so because the latest versions provide an automatic update mechanism.

Source: Kaspersky Lab researchers Costin Raiu and David Emm. For full explanations of security threats, and a look at 2012 threats, see the Kaspersky Security Bulletin 2012.